Selective Capping of Packet Payloads for Network Analysis and Management
Both network managers and analysts appreciate the importance of network traces as a mechanism to understand traffic behavior, detect anomalies and evaluate performance in a forensic manner, among other applications. Unfortunately, the process of network capture and storage has become a challenge given the ever-increasing network speeds. In this scenario, we intend to make packets thinner to reduce both write speed and storage requirements on hard-drives and further reduce computational burden of packet analysis. To this end, we propose to remove the payload on those packets that hardly could be interpreted afterwards. Essentially, binary packets from unknown protocols fall into this category. On the other hand, binary packets from well-known protocols and protocols with some ASCII data are fully captured as potentially a network analyst may desire to inspect them. We have named this approach as selective capping, which has been implemented and integrated in a high-speed network driver as an attempt to make its operation faster and more transparent to upper layers. Its results are promising as it achieves multi-Gb/s rates in different scenarios, which could be further improved exploiting novel low-level hardware-software tunings to meet the fastest networks’ rates.
Unable to display preview. Download preview PDF.
- 1.Forconesi, M., Sutter, G., López-Buedo, S., López de Vergara, J.E., Aracil, J.: Bridging the gap between hardware and software open-source network developments. IEEE Network 28(5), 13–19 (2014)Google Scholar
- 2.Fusco, F., Vlachos, M., Dimitropoulos, X.: Rasterzip: compressing streaming network monitoring data with support for partial decompression. In: ACM Internet Measurement Conference, pp. 51–64 (2012)Google Scholar
- 3.García-Dorado, J.L., Mata, F., Ramos, J., Santiago del Río, P.M., Moreno, V., Aracil, J.: High-Performance network traffic processing systems using commodity hardware. In: Biersack, E., Callegari, C., Matijasevic, M. (eds.) Data Traffic Monitoring and Analysis. LNCS, vol. 7754, pp. 3–27. Springer, Heidelberg (2013) CrossRefGoogle Scholar
- 4.Han, S., Jang, K., Park, K.S., Moon, S.: PacketShader: a GPU-accelerated software router. In: ACM SIGCOMM, pp. 195–206 (2010)Google Scholar
- 5.Intel: 82599 10 Gbe controller datasheet (2012). http://www.intel.com/content/www/us/en/ethernet-controllers/82599-10-gb e-controller-datasheet.html (December 1, 2014)
- 7.Maier, G., Sommer, R., Dreger, H., Feldmann, A., Paxson, V., Schneider, F.: Enriching network security analysis with time travel. In: ACM SIGCOMM, pp. 183–194 (2008)Google Scholar
- 8.Moreno, V., Santiago del Río, P.M., Ramos, J., García-Dorado, J.L., Gonzalez, I., Gómez-Arribas, F.J., Aracil, J.: Packet storage at multi-gigabit rates using off-the-shelf systems. In: IEEE Conference on High Performance and Communications, pp. 486–489 (2014)Google Scholar
- 9.Moreno, V., Santiago del Río, P.M., Ramos, J., Muelas, D., García-Dorado, J.L., Gómez-Arribas, F.J., Aracil, J.: Multi-granular, multi-purpose and multi-Gb/s monitoring on off-the-shelf systems. International Journal of Network Management 24(4), 221–234 (2014)Google Scholar
- 10.naudit: Detect-pro (2013). http://www.naudit.es/ (December 1, 2014)
- 11.Papadogiannakis, A., Polychronakis, M., Markatos, E.P.: Scap: Stream-oriented network traffic capture and analysis for high-speed networks. In: ACM Internet Measurement Conference, pp. 113–124 (2012)Google Scholar
- 13.Taylor, T., Coull, S.E., Monrose, F., McHugh, J.: Toward efficient querying of compressed network payloads. In: USENIX Annual Technical Conference, pp. 113–124 (2012)Google Scholar
- 14.Walsworth, C., Aben, E., Claffy, K., Andersen, D.: The CAIDA anonymized 2009 Internet traces. http://www.caida.org/data/passive/passive_2009_dataset.xml (December 1, 2014)